Bluetooth security problem, bad Android apps and nude photos on the Internet.
Welcome to Cyber Security Today. It’s Monday February 10th. I’m Howard Solomon, contributing reporter on cyber security for ITWorldCanada.com.
To hear the podcast click on the arrow below:
There’s a big security problem with the Android version of Bluetooth, the short-range wireless protocol used in devices like hands-free headsets and for connecting smartphones to cars. Google says an attacker could exploit the vulnerability to wirelessly send someone malware. Devices with Android versions 8 and 9 are particularly at risk. However, an attacker would have to be very close to a victim with a computing device to send the malware, and know the Android device’s Bluetooth address. That may not be hard. Google has released a fix with its February security update. But it may take weeks for Android device manufacturers and carriers to push out updates, unless you have a Google phone. What should you do in the meantime? First, turn off Bluetooth when you’re not using it. Second, turn off the device’s ability to discover other Bluetooth devices. Third, if you’re someone likely to be targeted — an executive, a lawyer, a reporter, for example — consider not using Bluetooth until your device has been patched with the February update.
More malicious apps have been found in the Google Play store. This time security vendor Trend Micro has done the discovery. It found nine apps that pretend to be utilities — things that will optimize your device — but really install malware and distribute ads for fraud. These apps have names like Speed Clean-Phone Booster, Super Clean Phone Booster, Shoot Clean, Rocket Cleaner and others. They’ve now been removed from the Play store. It’s a reminder how careful Android users have to be when downloading apps. The thing is, one of the things a smart user does is read the app reviews to see if they point out any trouble. However, hackers behind these apps use infected devices to post phony reviews. Fortunately there were clues, like many reviews having the same four words: “Great, works fast and good.” My advice is use as few mobile apps as possible. Research an app you’re interested in. Does it come from a company that appears to have a good reputation? If you are someone who downloads lots of apps, consider adding a mobile security app from a brand name company.
The Internet allows people to communicate around the world. It’s fun and cheap to chat, text and exchange images with people around the world — as long as you can trust them. A Canadian woman learned the hard way. According to Vice News, the woman had shared a nude photo of herself with one partner. But apparently that partner later posted that image on a chat app. It may be a criminal offence to do that in your country. But if the deed is done in another jurisdiction or the app is based outside your country police may not be able to do anything. Two lessons here: First, there is no privacy on the Internet. Be careful of what you say. Second, why post nude photos to anyone? Even if a friend is trustworthy your account may be hacked. That’s what happened to actress Jennifer Lawrence with photos she sent a boyfriend. The hacker was caught and sentenced to nine months in jail for breaking into many accounts. Big deal. The photos are still out there.
Finally, tomorrow is the second Tuesday of the month, which is the day Microsoft releases security patches for Windows. And, tomorrow is Safer Internet Day. Things I talk about regularly here — adding two-factor authentication to your logins, using a password manager, making sure you install software updates — all help to make your surfing safer.
That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cyber security professionals. Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening. I’m Howard Solomon
Cybersecurity Conversations with your Board – A Survival Guide
A SURVIVAL GUIDE BY CLAUDIO SILVESTRI, VICE-PRESIDENT AND CIO, NAV CANADA